Brainstorm

When I get my Maemo 5 device, I imagine I will want to show it off to other people, and let other people try it out for themselves, as it looks like it will be very 'touchable' and nice and easy to use. I would like to do this because of being proud of the device, and this also might encourage other people to get one.

However, there may be some content on the device (pictures, to-do items, documents, emails, etc.) that I would rather not show to the person to whom I'm handing the device. I would like to brainstorm ways of keeping such things private.

Note that I realise that if someone was determined and had long enough, they could bypass security in any number of ways, and this Brainstorm idea isn't about that. This idea is about very short-term (a few minutes, probably) lending of the device to guests, where I will usually be present beside them, and is only designed to cover prevention of casual or accidental snooping of private stuff.

Solutions for this brainstorm

Solution #1: Add Guest Session mode

Like modern versions of Ubuntu, add a Guest Session mode, which creates a new, temporary Linux user folder (e.g. /home/guest). The user can play with all installed apps, but they won't be able to see any of the normal user data. Any data that they create will be wiped when the session ends.

Pros:

The main owner of the device can be sure that the guest can't see any of their content in /home/user, assuming Linux permissions are set correctly

The main owner won't need to spend any time sorting their content into private and public

The device shouldn't get overloaded with content, as the guest profile is deleted on exit

Cons:

Content on FAT32 partitions will still be visible

The user experience for the guest will be rather barren - empty desktop, no pictures to view, etc.

I don't know if apps use hardcoded /home/user paths, but if they do, they'll probably need to be recoded
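The two things Solution #1 rests on are a guest home that is created empty and wiped on exit, and the owner's /home/user actually being closed to a second uid. The following is an added example (not Maemo code, and not from the post's author) that sketches both: a context manager for the throwaway guest home and a mode-bit check for the owner's home. The /home/user and /home/guest paths come from the post and are parametrised; the scratch files in `demo()` are constructed.

```python
"""Guest-session sketch for Solution #1: a throwaway guest home plus a
permission check on the owner's home. Added example, not Maemo code; the
/home/user and /home/guest paths are taken from the post and parametrised."""
import os
import shutil
import stat
import tempfile
from contextlib import contextmanager


def home_is_private(path):
    """True if `path` denies group and other all access (mode 0700).

    Mode bits are inspected rather than os.access(): os.access() reports
    what the *current* uid may do, not what a separate guest uid could do.
    A missing path counts as not private.
    """
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return False
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def world_readable_files(root):
    """Regular files under `root` that group or other may read.

    A 0700 home directory already blocks traversal, but the check is cheap
    and catches the usual 0644 files left behind if the home mode is ever
    relaxed (or data on a FAT32 partition, which has no per-file modes).
    """
    leaks = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if stat.S_IMODE(os.lstat(p).st_mode) & (stat.S_IRGRP | stat.S_IROTH):
                leaks.append(p)
    return sorted(leaks)


@contextmanager
def guest_session(base="/home", name="guest"):
    """Create an empty, 0700 guest home and wipe it when the session ends.

    os.mkdir() refuses to reuse a leftover directory, so a crashed earlier
    session cannot hand its data to the next guest.
    """
    guest_home = os.path.join(base, name)
    os.mkdir(guest_home, 0o700)
    os.chmod(guest_home, 0o700)       # mkdir's mode argument is subject to umask
    try:
        yield guest_home
    finally:
        shutil.rmtree(guest_home, ignore_errors=True)


def demo():
    """Exercise the checks in a scratch tree with constructed files."""
    scratch = tempfile.mkdtemp(prefix="maemo-guest-demo-")
    home = os.path.join(scratch, "user")           # stands in for /home/user
    os.mkdir(home)
    os.chmod(home, 0o755)                          # the misconfigured case
    secret = os.path.join(home, "todo.txt")
    with open(secret, "w") as fh:
        fh.write("constructed private to-do item\n")
    os.chmod(secret, 0o644)
    results = {"before": (home_is_private(home), len(world_readable_files(home)))}
    os.chmod(home, 0o700)
    os.chmod(secret, 0o600)
    results["after"] = (home_is_private(home), len(world_readable_files(home)))
    with guest_session(base=scratch) as guest:    # stands in for /home/guest
        results["guest"] = (home_is_private(guest), os.listdir(guest))
    results["wiped"] = not os.path.exists(os.path.join(scratch, "guest"))
    shutil.rmtree(scratch)
    return results


if __name__ == "__main__":
    print(demo())
```

The check deliberately reads mode bits instead of calling `os.access()`, because the question is what a different uid (the guest) could reach, not what the owner running the check can. It says nothing about the FAT32 con: a vfat mount reports whatever fmask/dmask it was mounted with for every file, so those paths show up as world-readable no matter what the owner does.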

Palm OS had a feature where individual items of content (e.g. notes, to-do items, contacts, appointments) could be marked as private. An app could be run to hide all private content, unhiding it only when the user types in a PIN.

Pros:

The guest would have a more interesting experience, being able to see the main owner's desktop and at least some of his or her content, such as pictures.

Cons:

The main owner would have to spend time marking items as private.

Almost all apps would need to be rewritten to allow private tags (the image viewer already supports tags which could be used for this)

The guest would still have read/write access to non-private content, so could accidentally change things

Solution #4: Protecting the folder and files in it from being viewed in apps

If all the to-be-protected data is in a folder, then my proposed solution might work?
The idea is not only to protect the folder but also the files in it from being viewed by the apps installed on the device. This might be possible to achieve in a simple manner.
For example, let's take a simple photo viewer app!
Assuming the photo viewer app only views files ending with an extension jpg/jpeg/bmp/png/raw/etc., to prevent protected data from being viewable in the photo viewer app, the extensions of those picture files in the to-be-protected folder can be changed to something other than what the photo viewer app would understand (say, xyz). The protector app will remember all these temporary mappings.
The folder and also the app should be protected from being run by a secure password.
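What the "protector app" in Solution #4 would actually do is a rename-and-remember loop. The following is an added example (not Maemo code, and not from the post's author) of that loop together with the check that shows its limit: the .xyz suffix is the post's placeholder, while the numbered hidden names, the mapping file name and the sample files are assumptions or constructed.

```python
"""Extension-remapping 'protector' from Solution #4, as an added example (not
Maemo code). The .xyz suffix is the post's placeholder; the mapping file name,
the numbered hidden names and the sample files are assumptions/constructed."""
import json
import os
import shutil
import tempfile

PICTURE_EXTS = {".jpg", ".jpeg", ".bmp", ".png", ".raw"}
HIDDEN_SUFFIX = ".xyz"
MAP_NAME = ".protector_map.json"       # where the temporary mappings are remembered

# Signatures a content-sniffing viewer would still recognise after renaming.
MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png", b"BM": "bmp"}


def _is_picture(name):
    return os.path.splitext(name)[1].lower() in PICTURE_EXTS


def viewer_sees(folder):
    """What a purely extension-filtering photo viewer would list."""
    return sorted(n for n in os.listdir(folder) if _is_picture(n))


def sniffed_type(path):
    """What a viewer that looks at file content concludes, whatever the name."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def hide(folder):
    """Rename every picture in `folder` to a numbered .xyz name; return mapping.

    Numbered names avoid a.jpg and a.png colliding on a.xyz. Refuses to run
    twice, which would overwrite the remembered mapping and orphan the files.
    """
    map_path = os.path.join(folder, MAP_NAME)
    if os.path.exists(map_path):
        raise RuntimeError("folder is already hidden; unhide first")
    mapping = {}
    for i, name in enumerate(sorted(filter(_is_picture, os.listdir(folder))), 1):
        hidden = f"protected_{i:04d}{HIDDEN_SUFFIX}"
        os.rename(os.path.join(folder, name), os.path.join(folder, hidden))
        mapping[hidden] = name
    with open(map_path, "w") as fh:
        json.dump(mapping, fh)
    return mapping


def unhide(folder):
    """Restore the original names from the mapping file; return them sorted."""
    map_path = os.path.join(folder, MAP_NAME)
    with open(map_path) as fh:
        mapping = json.load(fh)
    for hidden, original in mapping.items():
        os.rename(os.path.join(folder, hidden), os.path.join(folder, original))
    os.remove(map_path)
    return sorted(mapping.values())


def demo():
    """Run hide/unhide over constructed files; return what each viewer sees."""
    folder = tempfile.mkdtemp(prefix="protected-")
    samples = {                                    # constructed, minimal headers
        "holiday.jpg": b"\xff\xd8\xff\xe0demo",
        "holiday.png": b"\x89PNG\r\n\x1a\ndemo",
        "notes.txt": b"not a picture",
    }
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)
    before = viewer_sees(folder)
    mapping = hide(folder)
    during = viewer_sees(folder)
    sniffed = sorted(sniffed_type(os.path.join(folder, h)) for h in mapping)
    after = unhide(folder)
    shutil.rmtree(folder)
    return {"before": before, "hidden": len(mapping), "during": during,
            "sniffed": sniffed, "after": after}


if __name__ == "__main__":
    print(demo())
```

The rename only defeats a viewer that filters on extension. The bytes are untouched, and `sniffed_type()` shows that any app or file manager that looks at content still identifies the pictures, so this fits the brainstorm's stated scope (casual, accidental snooping) and nothing beyond it. The mapping file is the scheme's single point of failure: lose it and the originals are still there under meaningless names, which is why `hide()` refuses to overwrite one.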

Solution #6: brainstorm merge

Solution #3 from here (multi-user) and Solution #1 from there http://maemo.org/community/brainstorm/view/get_encryption_average_joe_ready/ would merge just fine in my opinion.

A proper multi-user environment and a ~/[$config,$private] like symlinking setup of user-data would make the system fully usable for someone else (if user-access) but would protect all private data to the user.

This would include a startup-screen to switch users, rebuilding the user-file-environment based on symlinking all user-data to a crypted place not mountable via USB (having an exportable fs should be still an option! but not for those things normally not exportable via USB). A crypt-management tool like EasyCrypt and so on.
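The "symlinking all user-data to a crypted place" step in Solution #6 is mechanical enough to show. The following is an added example (not Maemo code, and not from the post's author) that relocates the listed directories into a vault and leaves symlinks behind, plus the layout check a login-time rebuild would run. The vault is assumed to be an already-mounted encrypted directory that is never exported over USB (the encryption itself is out of scope here), and the names in PRIVATE_DIRS are assumptions standing in for the post's ~/[$config,$private].

```python
"""Symlink-to-vault layout from Solution #6, as an added example (not Maemo
code). The vault is assumed to be an already-mounted encrypted directory that
is never exported over USB; the names in PRIVATE_DIRS are assumptions."""
import os
import shutil
import tempfile

PRIVATE_DIRS = (".config", "private")   # stands in for the post's ~/[$config,$private]


def relocate_to_vault(home, vault, names=PRIVATE_DIRS):
    """Move each named dir from `home` into `vault`, leaving a symlink behind.

    Safe to rerun: a name that is already a symlink is skipped, and an
    existing vault copy aborts instead of nesting directories. Returns the
    names moved this run.
    """
    os.makedirs(vault, mode=0o700, exist_ok=True)
    moved = []
    for name in names:
        src = os.path.join(home, name)
        dst = os.path.join(vault, name)
        if os.path.islink(src):
            continue
        if os.path.exists(dst):
            raise FileExistsError(f"{dst} already exists; refusing to merge")
        if not os.path.exists(src):
            os.makedirs(src, mode=0o700)      # uniform layout even for fresh users
        shutil.move(src, dst)
        os.symlink(dst, src)
        moved.append(name)
    return moved


def vault_layout_ok(home, vault, names=PRIVATE_DIRS):
    """Every protected name in `home` must be a symlink resolving inside `vault`.

    realpath() is used on both sides so a symlink pointing at a look-alike
    directory outside the vault fails the check.
    """
    vault_real = os.path.realpath(vault)
    for name in names:
        p = os.path.join(home, name)
        if not os.path.islink(p):
            return False
        target = os.path.realpath(p)
        if os.path.commonpath([vault_real, target]) != vault_real:
            return False
    return True


def demo():
    """Build a scratch home with a constructed private file and relocate it."""
    scratch = tempfile.mkdtemp(prefix="vault-demo-")
    home = os.path.join(scratch, "home", "user")
    vault = os.path.join(scratch, "crypt", "user")   # stands in for the encrypted mount
    os.makedirs(os.path.join(home, "private"))
    diary = os.path.join("private", "diary.txt")
    with open(os.path.join(home, diary), "w") as fh:
        fh.write("constructed private note\n")
    results = {"before": vault_layout_ok(home, vault)}
    results["moved"] = relocate_to_vault(home, vault)
    results["after"] = vault_layout_ok(home, vault)
    results["via_home"] = os.path.isfile(os.path.join(home, diary))
    results["in_vault"] = os.path.isfile(os.path.join(vault, diary))
    results["rerun"] = relocate_to_vault(home, vault)
    shutil.rmtree(scratch)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of `vault_layout_ok()` is that the symlinks are the whole protection: if one of them is ever replaced by a plain directory (an app recreating ~/.config after the vault failed to mount, say), new private data silently lands on the exportable filesystem, so the check belongs in the login-time rebuild rather than being run once at setup.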


Solution #7: Implement Private profile

A phone could have a Private and a Public profile that can be switched on the run.

This does nothing more than set a global flag, and allow each application to implement its own security model. For example, Images could have its own system, based on "Private" tag. Video archive could have a .videos/private folder that isn't listed if in Public mode. Calendar could hide private calendars, Email could have private and work accounts, and so on. This is similar to profiles in many implementations, where each app/game is responsible for obeying the set limits.

This has several advantages over complex user-based implementations:

Virtually no increased usage on root

Flexible implementation that is future-proof and developer-safe

Gradual implementation (there is no need for everyone to support immediately)
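Solution #7 is a single global flag that every app consults on its own terms, which is easy to model. The following is an added example (not Maemo code, and not from the post's author) of the flag plus a registry of per-app filters, with the one check the "gradual implementation" point implies: listing the installed apps that have not adopted the flag and therefore show everything in Public mode. The record types, the "Private" tag, the .videos/private folder and all sample data are constructed.

```python
"""Global Private/Public profile with per-application filters, as in
Solution #7. Added example, not Maemo code; the record types, the 'Private'
tag, the .videos/private folder and the sample data are constructed."""
from dataclasses import dataclass, field
from enum import Enum


class Profile(Enum):
    PRIVATE = "private"   # owner holds the device: everything visible
    PUBLIC = "public"     # guest holds the device: each app applies its filter


@dataclass
class Image:
    path: str
    tags: set = field(default_factory=set)


@dataclass
class Calendar:
    name: str
    private: bool = False


@dataclass
class MailAccount:
    name: str
    kind: str             # "work" or "private"


class ProfileSwitch:
    """The single global flag plus the per-app filters that honour it."""

    def __init__(self):
        self.profile = Profile.PRIVATE
        self._filters = {}

    def register(self, app, keep):
        """`keep(item)` returns True if the item may be shown in Public."""
        self._filters[app] = keep

    def switch(self, profile):
        self.profile = profile

    def listing(self, app, items):
        keep = self._filters.get(app)
        if self.profile is Profile.PRIVATE or keep is None:
            return list(items)     # gradual adoption: unfiltered apps show everything
        return [i for i in items if keep(i)]

    def unfiltered_apps(self, installed):
        """Apps that ignore the flag: the gap a guest-mode review should list."""
        return sorted(a for a in installed if a not in self._filters)


def _video_is_public(path):
    parts = path.split("/")
    return not any(a == ".videos" and b == "private" for a, b in zip(parts, parts[1:]))


def build_switch():
    sw = ProfileSwitch()
    sw.register("images", lambda img: "Private" not in img.tags)
    sw.register("videos", _video_is_public)
    sw.register("calendar", lambda cal: not cal.private)
    sw.register("email", lambda acct: acct.kind != "private")
    return sw


def demo():
    """Constructed device content, listed in both profiles."""
    images = [Image("/home/user/MyDocs/.images/beach.jpg", {"Holiday"}),
              Image("/home/user/MyDocs/.images/party.jpg", {"Private"})]
    videos = ["/home/user/MyDocs/.videos/clip.mp4",
              "/home/user/MyDocs/.videos/private/home.mp4"]
    cals = [Calendar("Work"), Calendar("Personal", private=True)]
    mail = [MailAccount("office", "work"), MailAccount("personal", "private")]
    notes = ["shopping list", "door code"]          # notes app never adopted the flag
    installed = ["images", "videos", "calendar", "email", "notes"]
    sw = build_switch()
    out = {}
    for profile in Profile:
        sw.switch(profile)
        out[profile.value] = {
            "images": [i.path.rsplit("/", 1)[1] for i in sw.listing("images", images)],
            "videos": [v.rsplit("/", 1)[1] for v in sw.listing("videos", videos)],
            "calendar": [c.name for c in sw.listing("calendar", cals)],
            "email": [a.name for a in sw.listing("email", mail)],
            "notes": sw.listing("notes", notes),
        }
    out["unfiltered"] = sw.unfiltered_apps(installed)
    return out


if __name__ == "__main__":
    print(demo())
```

The `notes` entry is the cost of the "gradual implementation" advantage: until an app registers a filter, the flag does nothing for it, and `unfiltered_apps()` is how the owner (or a distribution) finds out which apps those are before handing the device over.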